A system for enhancing a publishing data system such as a Domain Name Server



1. Abstract 

A system to enhance the value of items stored within publicly available data areas, by 
supporting association of data areas through providing selectively available 
supplementary information that can be used to give different structural forms for the 
publicly available data, provision of discrete sets of supplementary data being 
dependent on the distinct populations of users requesting it. 

2. System description 

2.1 Prior Art 

The Internet is a data network that has become more and more pervasive over recent 
years. The Internet utilizes the service of Domain Name Servers (DNS Servers) for 
uniquely locating resources on the Network. DNS servers on the Internet link names 
(e.g. yahoo.com) with Internet Protocol (IP) addresses (e.g. 192.168.1.1) for 
establishing data communication. 

DNS servers can also be populated with Name Authority Pointer (NAPTR) records 
that store various Contact Addresses from several Networks (Public Switched 
Telephony Networks, Web Addresses, Email Addresses, etc). A DNS server can be 
viewed as a public data store and publisher system that publishes information items 
to all requesting clients regardless of their identity. Information in this data store can 
be resolved by a DNS client. 

DNS Servers can be viewed as a globally distributed, loosely coherent, scalable, 
reliable, dynamic database. This database has a fixed structure corresponding to an 
inverted tree with the root node at the top. Each node of the tree has a label (the root 
node having the null label). A domain name is the sequence of labels from a node to 
the root, separated by dots, read left to right, one domain being a sub domain of 
another if its domain name ends in the other's domain name (yahoo.com is a sub 
domain of com). Name servers cooperate to publish the data of the name space, in 
the case of a DNS system the hierarchy and the organization of the data store is 
fixed and organized according to a Tree structure. The only way of retrieving data 
published through the DNS is by walking down the name space Tree. The Tree 
structure of the DNS fixes the hierarchy of domain names in the name space. 

2.2 System components 

The system has five sub-systems: 

Sub-system 1: a public data store and publisher sub-system that stores and 
publishes information items to all requesting clients regardless of their identity, this 
data store being partitioned into discrete areas each of which is associated with a 
unique area identity, and which can return data stored within this area on request 
from any user who passes the area identity of interest to the data store. 

Sub-system 2: a client sub-system, by which an end user may query the public data 
store for any information it contains by passing a data area identifier, but in addition 
may request supplementary information from a separate directory sub-system, 
passing the identifier of the data area in which they are interested and their identity to 
that directory so that it may select the supplementary information returned based on 
their interest and their identity. 

Sub-system 3: a directory sub-system that stores structural information holding 
relations and associations between the public data areas stored and published from 
the public data store, and presents this information based both on the (public) data 
area of interest and on the identity of the requesting party. There may be several 
independent sets of structural information stored for a given (publicly available) data 
item. Note that this directory does not hold copies of data items, but instead holds 
only references to the data areas (the area identifiers) and the relations between 
those data areas. This directory sub-system can be seen as a system enabling 
navigation in the Public Data Store through the relationships it creates between the 
public data areas. 

Sub-system 4: an editing sub-system by which relations between public data areas 
may be captured and stored in the directory sub-system, and by which classification 
of the availability of this data set may be controlled based on the identity of 
requesting users, and by which authorized users may store data items to be 
published in an area of the public data store; authorization being granted exclusively 
to a given user for a particular area of the data store. 

Sub-system 5: a query engine that can return a reference to a public data area 
matching a passed search term. 

Alternative 1: the incorporation of an additional registry controlled sub-structure (e.g. 
a sub-domain in the case of a DNS system) can permit enhanced management and 
query of the public and/or directory data. 

Alternative 2: an integrated management level used by the end users, whereby they 
can manage their specific data according to their own logic. 

Alternative 3: as a variation on the above, the directory sub-system may in addition 
store and publish data areas (with their constituent data items) in a similar form to 
those published from the public data store sub-system; thus not only does the 
directory hold structural information but also individual data areas that can act as new 
nodes in the structure that are only available from within the directory. 

Alternative 4: the inclusion of an End-User system to identify, differentiate, and 
resolve between, contact information (telephone numbers, email addresses, etc) and 
content information (web site addresses - personal or corporate, web based 
application addresses, etc). 

2.3 System Diagram 

This is shown in the accompanying drawing. 

3. Example embodiment: 

3.1 Definitions 

3.1.1 Subscriber Name 

The Subscriber Name is a domain name that is within the hierarchy of a name space 
together with hierarchical or contact information associated with that domain. 

3.1.2 Registrant 

A person that purchases the Subscriber Name through the Client Subsystem. 

3.1.3 TLD Registry 

The entity that has authority over the name space by managing the top of the DNS 
Tree. 

3.1.4 Domain Name System (DNS) 

A service provided by distributed directory servers by which resources can be 
associated with a node within a single, global hierarchical name space, and can be 
queried and returned using a defined protocol. The overall definitions for the DNS are 
specified in RFC1034 and RFC1035. 

3.1.5 Domain 



The delegated Domain Name Service domain associated with a Subscriber Name. 

3.1.6 Subscriber Contact information 

Associated with a Subscriber Name is a set of records each of which holds some 
information on the communications contacts defined for the assignee of that domain. 
Where published in the Domain Name System, this will be stored within Name 
Authority Pointer (NAPTR) resource records. In addition, this Contact Information 
may be published within other services, such as Web-based "Whois" Servers, 
Web-based Search Engines, or in Directory Servers. 

3.1.7 Fully Qualified Domain 

A Fully Qualified Domain is the leaf of a domain space based on the top level 
domain. Only a Fully Qualified Domain has contact information associated with it that 
can be returned via the Domain Name Service. 

3.1.8 Directory 

A Hierarchical database set (potentially distributed) that stores Subscriber Names 
and their associated contact information items. This database stores records holding 
detailed content for a delegated Subscriber Name Domain (or set of such domains). 
This Server publishes these records using the DNS protocol. This Directory holds 
[illegible] distributed Servers that in turn store records with the content for a 
Subscriber Name Domain delegated by the TLD Registry. 

3.1.9 DNS Tree 

[illegible] database stores Subscriber Contact Information items 
that are published to clients everywhere using the DNS protocol. Entries in the DNS 
Tree use standard resource record types (DNS RR records). 

3.1.10 Directory Tree 

This Structure may be defined as a set of relationships between nodes in the 
Directory repository. 

3.1.11 Node 

A node has two sets of relations; 'parent' relations that refer to one set of nodes, and 
child relations that refer to another set of nodes. In a tree structure, exactly one node 
has an empty parent relation set. All other nodes have one parent relation. A node 
may have zero or more child relations. These rules form the definition of a tree 
structure. When discussing tree structures, the node with no parent is often referred 
to as the root of the tree, whilst those nodes that have no child relations are known 
as leaves of the tree. Nodes that have both a parent relation and child relations are 
known as branches of the tree. 

3.2 Description 

The public data store and publisher sub-system is realised using a device that 
[illegible] standard Domain Name Service (DNS, as specified in RFC1034 and 
RFC1035), and in addition stores the names of the person responsible for each data 
area. In this case the discrete data areas it holds are domains, and the identifiers for 
these domains are domain names. The data items stored within the areas are DNS 
Resource Records. 

DNS is designed as a distributed hierarchical data store: either the "data store and 
publisher sub-system" device holds the data items directly within its data store or it 
holds a reference to an external (subsidiary) DNS server that supports that data area. 
These subsidiary servers may in turn support sub-areas within the data area they 
hold. Such sub-areas are identified by identifiers that are within the context of the 
identifier for the area that "contains" them. In DNS, this is done by prepending a 
label to the main identifier, with a separator between the label and the main 
identifier. As a hierarchical system, the subsidiary DNS servers may hold the data 
items associated with such sub-areas themselves, or hold references to another DNS 
[illegible] sub-area and its data items are stored, as specified in 
RFC1591. Note: See RFC1034 for definitions of these terms. 

When a new domain is created within the main DNS device in this system, an 
automatic notification is sent to the query engine and to the directory listing the 
domain name with which the domain is associated, along with the name of the 
person responsible for that domain's creation; thus by this notification they can build 
a complete list of the domain names known to this DNS device, and the names of the 
people responsible for those domains. Note, however, that they are not informed of 
the [illegible] or values of data items that may be stored within the domains so 
identified. 

The query engine is realised using a device that accepts a textual value as a search 
term, applies this value to its database of names of people responsible for domain 
names, and returns the domain name or names for which a person whose name 
matches the passed search term is responsible, or a list of domain names associated 
with persons whose names form "closest matches" to the search term, using a 
standard affinity pattern matching algorithm. The query engine has a complete list of 
all domain names and their responsible person names known to the DNS server as 
an indication of the creation of all new domains (and the domain name with which 
they are associated) is sent from the main DNS device to the query engine. 

The directory sub-system is realized using a device that stores relation data sets that 
are associated with individual domain names. In one example, these consist of a set 
of references to other domain names that form a tree structure based on the domain 
name in question, together with an access control policy that identifies the class of 
querying users to whom this structural data should be returned. The directory also 
receives notification on the creation of new domains within the main DNS device so 
its internal data store includes all of the domain names associated with domains held 
in the main DNS device. 

The directory holds references to not only the domain names known in the main DNS 
device but also to subsidiary domain names that have been introduced by authorized 
users; these are sub-domain names within the context of the domain name notified 
on creation from the main DNS device. 

Thus the directory is informed of other domain names that exist outside of the DNS 
device. 

Thus the structural data the directory returns may include reference not only to those 
domain names and responsible person names stored in the main DNS device, but 
also to those held in external subsidiary DNS devices. 

Finally, the structures may include intermediary nodes in the tree structure; such 
nodes need not exist outside the directory itself and exist only as constructs of 
relational data sets. 

It is novel to use automatic notification from a trusted source - i.e. the Registry - to 
pre-populate a directory with domain names and the identity of the person 
responsible for their creation. This allows the directory to (i) ensure that relation data 
[illegible] domains that exist in the external DNS system, (ii) control the ability 
of external users to create relations based on those domains - i.e. only the person 
responsible for the creation of that domain is allowed to create relations based on it. 
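
The directory behaviour described above, as an added Python example that is not part of the original document: a registry notification records the responsible person, only that person may store relation sets for the domain or its sub-domains, and a query returns only the sets whose access policy admits the requester's class. The class and method names, the user classes and the example.tel data are assumptions made for illustration.

```python
# Added illustration; class, method and domain names are constructed.
from dataclasses import dataclass, field


@dataclass
class RelationSet:
    children: tuple             # domain names related to the root as child nodes
    allowed_classes: frozenset  # classes of querying users who may see this set


@dataclass
class Directory:
    owners: dict = field(default_factory=dict)     # domain -> responsible person
    relations: dict = field(default_factory=dict)  # domain -> [RelationSet, ...]

    def notify_created(self, domain, responsible):
        self.owners[domain.lower()] = responsible  # registry notification only

    def owner_of(self, domain):
        """Find the responsible person of the nearest enclosing notified domain."""
        labels = domain.lower().split(".")
        for i in range(len(labels)):
            owner = self.owners.get(".".join(labels[i:]))
            if owner is not None:
                return owner
        return None

    def add_relations(self, user, domain, children, allowed_classes):
        """Editing step: only the responsible person may relate a domain."""
        owner = self.owner_of(domain)
        if owner is None or owner != user:
            raise PermissionError(f"{user!r} is not responsible for {domain!r}")
        entry = RelationSet(tuple(c.lower() for c in children),
                            frozenset(allowed_classes))
        self.relations.setdefault(domain.lower(), []).append(entry)

    def query(self, domain, requester_class):
        """Return the child lists whose policy admits the requester's class."""
        return [rs.children for rs in self.relations.get(domain.lower(), [])
                if requester_class in rs.allowed_classes]


def demo():
    d = Directory()
    d.notify_created("example.tel", "alice")  # constructed notification
    d.add_relations("alice", "example.tel", ["sales.example.tel"], {"public"})
    d.add_relations("alice", "example.tel",
                    ["sales.example.tel", "home.example.tel"], {"family"})
    try:  # a user who is not the responsible person is refused
        d.add_relations("bob", "example.tel", ["x.example.tel"], {"public"})
        refused = False
    except PermissionError:
        refused = True
    return d.query("example.tel", "public"), d.query("example.tel", "family"), refused
```

Because ownership is looked up by walking towards the enclosing notified domain, the same check covers sub-domains that the registry was never told about.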

The relationship between a Registry and a Directory Service Provider using this 
automatic notification improves the efficiency of the directory [illegible] 
minimizing the privileged data that flows through the [illegible] 
domain has been created the information on that domain and on the person 
[illegible] known to the Registry. The Directory Service 
Provider gets this information through this certified automatic notification process. 

The relationship between a Registry and a Directory Service Provider using this 
automatic notification process simplifies the directory's subsequent task of [illegible] 
data on relations between these names, and additionally other [illegible] that are 
[illegible] the directory receives these automatic notifications 
from a trusted source; thus the names that can appear at the root of these relational 
structures are already in place, along with the identities of the persons responsible for 
[illegible] the relational data that the directory will subsequently present based on 
this notified [illegible] relational data can be [illegible] by querying users to relate 
names to [illegible] can be more than one set of relational data for a given domain 
the data returned can be based on the identity of the querying user. 

[illegible] of the person responsible for creation of the domain that is to be 
[illegible] relational data means that the directory can easily ensure that only 
[illegible] construct supplementary relation data concerning the 
domain, and so the directory can enforce this with information it already has, through 
this automatic notification process. 

It is novel to use automatic notification from a trusted source to populate a 
search-engine with names of the persons responsible for having a domain created. This 
[illegible] querying user to search based on the name of that responsible person and 
[illegible] engine to return domains with which they are associated, or to use 
affinity-based searches to return the domains associated with people whose names 
are the "nearest matches" for the name passed by the user as a search term. The 
relationship between the Registry and the [illegible] 
sub-system: it can be considerably [illegible] 
these notifications whilst it would require at least polling the Registry to find out if 
[illegible] been [illegible] and if so at whose request if these notifications were 



Additionally, allowing the directory to pass notifications of other domains that it has 
been informed of by its authorised users (along with their identity and the access 
[illegible] applied) means the relationship between the [illegible] 

It is novel that the directory and the DNS device, in conjunction, form a hybrid system 
in which the directory stores only relation data associating names, whilst the data 
items held within data areas that are identified by these names are stored externally 
to the directory in a separate distributed hierarchical data store - the DNS. The 
directory is informed of sub-domains that would not be known to the Registry's DNS 
device by the persons responsible for the domains and their sub-domains. This 
allows those responsible persons exclusive control over this relation data, and allows 
the directory to publish this data selectively based on the class of user requesting this 
supplementary information and on the access control policies specified by the 
domains' responsible persons. 

[illegible] allows domains and their contained items 
to be held on a distributed data store that provides one set of data, whilst storing 
supplementary sets of relational information within a directory that can select which 
set to return based on the querying user's identity as well as the domain in which 
they are interested. 

[illegible] of maintaining control for publication of the contained items 
within the distributed data store; the directory does not store these items but only 
[illegible] the domain name identifiers - it also ensures that there is only one copy 
of the data items, whilst allowing different "views" on the relationships between the 
domains that contain the items based on a querying user's identity. 

Having only one copy of the data items removes a problem of synchronization 
between different systems holding copies. However, information on the hierarchy that 
relates different domains (that is not normally available to the public through the DNS 
system) is stored separately in the directory where it can be provided with controlled 
access, with different information being provided depending on the identity of the 
user asking for it. 

By reflecting the hierarchy of domain names, the person responsible for the enclosing 
domain name is identifiable (as this identity is passed when the domain for which 
they are responsible is created). Thus control over the rights to relate domains and 
their sub-domains is controlled; it remains with that responsible person. 


